Alert: Phishing Scam Targeting Businesses Using BBB Name

  
     
September 11, 2017

BBB Warns Local Business Owners of Phishing Scam Using BBB’s Name

 Winston Salem, NC- September 11, 2017-  The Better Business Bureau, long known for protecting consumers, has discovered an email phishing scam targeting small businesses. The scam uses the BBB’s reputation for trustworthiness to trick victims into unwittingly downloading malware.

 This scam was originally discovered in August, though it had a limited reach and died down quickly. This iteration of the scam at first reports seems to have a much wider reach.

 The Better Business Bureau is warning business owners and consumers that the BBB name and logo are being fraudulently used by criminals in this on-going phishing scam. The emails look very much like notice of a complaint from BBB, but contain links to malware that can infect the recipient’s computer or steal passwords.

The BBB offers these instructions for business owners to protect their companies against this scam:

  1. If you get an email that looks like it is informing you of a BBB complaint, do NOT click on any links or attachments.
  2. Read the email carefully for signs that it may be fake (for example, misspellings, grammatical errors, generic greetings such as “Dear member” instead of a name, etc.). This particular scam includes a “from” email address that is not related with bbb.org/ and links that do not point to a bbb.org website.
  3. Be wary of urgent instructions to take specified action such as “Click on the link or your account will be closed.”
  4. Hover your mouse over links without clicking to see if the address is truly from bbb.org. The URL in the text should match the URL that your mouse detects. If the two do not match, it is most likely a scam.
  5. Send a copy of the email to phishing@council.bbb.org (Note: This address is only for scams that use the BBB name or logo)
  6. Delete the email from your computer completely (be sure to empty your “trash can” or “recycling bin,” as well).
  7. Run anti-virus software updates frequently and do a full system scan.
  8. Keep a close eye on your bank statements for any unexpected or unexplained transactions.
  9. If you have clicked on any of the links within the email, immediately change your email and network passwords AND notify your local IT provider for next steps and actions.
    NOTE - If the link you clicked appeared to be for a Google Doc, a malicious service called "Google Docs" may gain access to everything within your Google account.  You should, as soon as possible, access your Google permissions page to see what apps and sites are connected and have access to your account.  Remove the Google Docs app, and then change your password.

BBB is working with law enforcement as well as a private deactivation firm to shut down as many criminal websites as possible. To date, they have shut down well over 100 sites.

If you have any question or concerns regarding your business, contact your local BBB at https://www.bbb.org/northwestern-north-carolina.